Skip to content


At this point, the developer is ready to request a cluster. To get access to the environment, note that the developer

  • Does not need to have any knowledge of Terraform or other IaC frameworks
  • Does not need access to privileged credentials for GCP
  • Does not need any help from the Platform team to deploy their environment


Ensure that the developer is assigned to a group that has the "Environment Template User role" in the project. This will provide the developer the ability to create the new cluster based environment via self-service.

Request Cluster

When a developer requests a cluster, a series of steps are automatically performed to fulfil the request. The sequence diagram below describes the high level steps.


Although the recommended workflow assumes and recommends using an Integration with an Identity Provider (IdP) to provide a Single Sign On (SSO) experience, organizations can also use locally managed users.

    participant dev as Developer
    participant rafay as Rafay Platform
    participant csp as GCP
    participant idp as Identity Provider 

    dev->>rafay: Login (Opt. SSO)
    dev->>rafay: Creates Environment 
    rafay->>csp: Create Project 
    rafay->>csp: Deploy Cluster 
    rect rgba(0, 0, 255, .1)
    opt SSO via Identity Provider
        rafay-->>idp: Create Group for k8s cluster 
        rafay-->>idp: Add developer to Group 
    rafay->>rafay: Create Group in Rafay
    rafay->>rafay: Add Project Admin and Cluster Admin <br>RBAC to Group
    rafay->>rafay: Add User to Group
    dev-->>app: Developer uses Cluster


Once the developer logs into the Rafay Org after the the environment is created (SSO using Identity Provider recommended), they will automatically have access to their specific cluster they have been authorized to use. The necessary RBAC to the assigned Kubernetes namespace is orchestrated automatically by Rafay Kubernetes Manager.

Step 1: Configure Environment

In this step, a developer will configure their Kubernetes Cluster environment using the provided environment template. Once the Cluster is created, the developer will be automatically provided access to the Cluster with a role with which they can administer the cluster.

  • Log into the controller and select your project
  • Navigate to Environments -> Environments
  • Click New Environment
  • Enter gke-cluster1 for the name
  • Select the existing environment template
  • Select the environment template version
  • Click Create
  • Click Save

Step 2: Deploy Environment

The developer can now deploy the environment. Environment Manager will automatically create a Cluster, configure the Cluster project with the specified policies and assign the proper RBAC to allow the developer with the privileges to manage resources in the newly created Cluster.

  • Developer logs in and navigates to the project
  • Navigate to Environments -> Environments
  • Click on the gke-cluster1 environment
  • Click Deploy

The environment will begin to deploy. This step can take ~25 minutes to complete.

Step 3: Use Cluster

Once the environment has finished deploying, the developer can use the newly deployed Cluster. They can deploy and operate containerized applications to the newly created cluster. The typical steps are as follows

  • Build a container image
  • Upload the container image to a container registry (e.g. ECR or DockerHub)
  • Create Kubernetes YAML for the container image
  • Deploy the application to the cluster using either Kubectl or Helm or Rafay workloads.

Access Cluster

Developers can optionally use the steps below to access the Cluster that is created for them.

  • Log into the controller
  • Search for project gke-cluster1 (A project with the same name as the environment resource name is created for the Cluster)
  • Click the gke-cluster1 project name
  • Navigate to Infrastructure -> Clusters

You will see the provisioned Cluster available for use.



In summary, with Rafay, developers can now develop, deploy and validate their applications on GKE Clusters that was provisioned for them in a "self-service" manner.